Abstract:
In Europe and indeed worldwide, the General Data Protection Regulation (GDPR) provides protection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly beneficial to individuals, it presents significant challenges for organizations monitoring or storing personal information. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a first step towards designing automated methods for checking GDPR compliance. Given that the practical application of the GDPR is influenced by the national laws of the EU Member States, we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed, with complete traceability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English description of 35 compliance rules derived from the GDPR along with their encoding in OCL, and (4) the set of 20 variation points derived from the GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.